Security Onion Cloud Client – NSM for the Cloud

As of yesterday, SANS has accepted & published the whitepaper for my GCIA Gold, titled “The Security Onion Cloud Client – Network Security Monitoring for the Cloud.”

Abstract

With “cloud” servers continuing to become ever more popular, along with typical off-site servers (VPS/Dedicated), Network Security Monitoring (NSM) practitioners struggle to gain insight into these devices, as they usually don’t have the ability to tap the network traffic flowing to and from the servers. To solve this problem, I propose designing a cross-platform (Windows, Linux) NSM client that would integrate with Security Onion, an NSM-centric Linux distribution. Essentially, the NSM client would copy traffic (near real time) to the Security Onion Sensor, which would then process the data as it would any other network tap. This would allow NSM practitioners the visibility they need into their off-site servers that are not in a setting where a typical NSM setup would suffice.

This was a topic that has a direct impact on what I do on a daily basis, as most of the organizations that I do work for have at least a couple of Cloud servers. I will be taking the next couple of months and integrating the Cloud Client into Security Onion. Hopefully it will see the light of day on the Stable PPA by the end of the year.

As for the actual paper, until SANS puts it on their Reading Room, you can find a pdf of it here.

-Josh


One thought on “Security Onion Cloud Client – NSM for the Cloud”

  1. Josh, congrats on getting this accepted. The ability to monitor these types of servers is a big deal for non-profits and other groups interested in keeping a tab on what’s actually flowing to/from the VPS.
